On Sat, Aug 27, 2005 at 10:28:04PM +0930, Tim wrote:
>> James Pifer:
>>
>> > Well, how do you do this? Right now root is the owner of the files and
>> > apache is the group assignment. How do I give others rights to update
>> > the files in a safe manner?
>>
>> man chown
>>
>> Think about how you're going to do this, and apply it to directories and
>> files, starting at /var/www/html. You could leave root as the owner,
>> make authors the group, add everyone who's an author to the author group
>> (webmasters is a long word, and makes listing directories a bit
>> messier).
>>
>> Something as simple as: chown -R root:authors /var/www/html/*
>>
>> You may need to do a separate non-recursive one for the "html"
>> directory.
>>
>> e.g. chown root:authors /var/www/html
Why not just do a recursive chown on /var/www/html? e.g.
chown -R root:authors /var/www/html
>> And ensure that owners and the group can read and write files, other
>> users can only read files.
>>
>> e.g. chmod -R o+rw,g+rw,o-w /var/www/html/*
(Don't you mean u+rw,g+rw,o-w?)
>> Likewise, you may need to do a separate non-recursive one for the "html"
>> directory.
>>
>> e.g. chmod o=rwx,g=rwx,o=wx /var/www/html
(I think you probably mean u=rwx,g=rwx,o=rx?)
And again, why not just start at /var/www/html .... except that ....
>> (Remember executable permissions are needed for directories, but usually
>> not wanted for web servable files.)
True. But if there are directories within /var/www/html, you want to
make them world-"executable" as well. I recently discovered, though,
that chmod has some flags that allow what I think you want. Continuing
the example, you would do this:
chmod -R g+rwX /var/www/html
chmod -R o+rX /var/www/html
Assuming /var/www/html and everything below it in the hierarchy starts
out readable/writable to its owner, with directories executable as
well, the above commands should make everything readable/writable to
others in the group, readable to all, and any file/directory that's
executable by its owner will be executable to all.
Hope this helps in general, though in this situation I rather like
the other suggestion to instead put things in ~username/public_html
directories and [ whatever configuration is needed to make those files
servable ].
-- blm
